Penetration Testing - Which Standard to Use?

When it comes to penetration testing, there is no “one size fits all” approach. Every network is different, and every company has its own specific security goals. Lots of questions need to be answered in advance of performing the penetration test.
For instance, where will the testing take place? The testing can be done either onsite, offsite, or some combination of the two. How much notice, if any, will the IT staff be given? You can determine whether or not your IT staff will be involved in or notified of the penetration testing.
One important question you must answer is which standard of penetration testing to use. There are three major standards of penetration testing:
1. CHECK
2. OSSTMM
3. OWASP
As with all questions related to penetration testing, which standard to use depends on what you want to learn from the testing. To understand what information you as a company can expect to gain, let’s look at an overview of each of these three standards.
CHECK
CHECK grew out of the need to ensure airtight security of government networks. Because of the sensitive and classified information accessible through government networks, a high level of testing is needed, and the testing must also be consistent across the board. The CHECK standard is focused primarily on the security of information stored on a given server. Tests are performed to determine to what extent and in what ways the confidentiality of that information could be compromised.
OSSTMM
OSSTMM stands for the “Open Source Security Testing Methodology Manual.” The OSSTMM is a standardized method for penetration testing. The idea is for the company to be assured of the baseline for the testing, regardless of which network security firm they hire. It sets forth detailed mandates regarding which aspects of the network to test, how to conduct the test, and how to analyze the results of the test.
OWASP

OWASP stands for the “Open Web Application Security Project.” OWASP is an open source, community-driven effort. The OWASP Foundation states that it is able to provide unbiased information, wholly uninfluenced by any commercial enterprise. The process is a collaborative one, with the focus being on improved security of web applications and services. Through the efforts of the OWASP community, tools are developed and information is catalogued that help developers, vendors, and consumers design and deploy safe application software.

As you can see, every one of these standards brings something different to the table. CHECK offers intensity capable of securing the most sensitive of networks. OSSTMM lays out a specific set of procedures and guidelines that promises consistency across the board. OWASP rounds out the list with its invaluable input from computer experts around the world.

Looking at what each standard offers in terms of security testing, it could be hard for a company to choose. The good news is that choosing amongst CHECK, OSSTMM, and OWASP isn’t your only option. Instead, you can choose a different standard, the one standard on the market that outdoes all of the other three. It’s the fourth option, and it’s the standard of Protocol Solutions.

Protocol Solutions uses a standardized methodology that meets and exceeds the CHECK, OSSTMM, and OWASP standards. No matter the size of your network or the nature of the data you need to protect, the stringent, focused method of Protocol Solutions’ penetration testing will keep you secure.

Paul Walsh

Paul Walsh, of www.protocolsolutions.co.uk, asks the scariest question out there: Think your network is safe from malicious attack? Find out for sure – a quick, complimentary chat will help you sleep better.

Use of this web site constitutes acceptance of the Terms Of Use and Privacy Policy | User published content is licensed under a Creative Commons License.
Copyright © 2005-2008 Free Articles by ArticlesBase.com, All rights reserved.